diff options
author | Florian Westphal <fw@strlen.de> | 2023-12-21 11:25:14 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-12-22 11:57:46 +0100 |
commit | dcb199544563ded462cb7151134278f82a9e6cfd (patch) | |
tree | b1a1937e32bf5eda4126fb288751fdddb9fbda42 /tests/shell | |
parent | b9e19cc396347df8c7f8cf5d14ba1d6172040f16 (diff) |
src: do not allow to chain more than 16 binops
netlink_linearize.c has never supported more than 16 chained binops.
Adding more is possible but overwrites the stack in
netlink_gen_bitwise().
Add a recursion counter to catch this at eval stage.
Its not enough to just abort once the counter hits
NFT_MAX_EXPR_RECURSION.
This is because there are valid test cases that exceed this.
For example, evaluation of 1 | 2 will merge the constans, so even
if there are a dozen recursive eval calls this will not end up
with large binop chain post-evaluation.
v2: allow more than 16 binops iff the evaluation function
did constant-merging.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell')
-rw-r--r-- | tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash b/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash new file mode 100644 index 00000000..8d1da726 --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash @@ -0,0 +1,5 @@ +table t { + chain c { + meta oifname^a^b^c^d^e^f^g^h^i^j^k^l^m^n^o^p^q^r^s^t^u^v^w^x^y^z^A^B^C^D^E^F^G^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^0^1^2^3^4^5^6^7^8^9 bar + } +} |